Streaming Secure Messaging

From Roaring Penguin

In general, you must force outbound mail into some realm and stream. This realm and stream need not be associated with a particular client; in Hosted CanIt, for example, we made a special realm called outbound-container-realm, and we force outbound mail into outbound-container-realm:default.

Next: when CanIt sees mail that has been forced into a stream, it assumes the mail is outbound. It uses the realm and stream of the *sender* to figure out which Secure Messaging rules to apply. So it all works as expected: if someone@client1.org sends mail out, the rules applied will be from someone@client1.org's stream and realm. If someone_else@client2.org sends mail out, the Secure Messaging rules from someone_else@client2.org's realm and stream apply, even though the actual outbound mail is in the outbound realm and stream.

To recap: Forcing mail into a realm:stream using Known Networks is the *only* way CanIt can distinguish inbound from outbound mail and handle them correctly.